We hope you like the new look of the Alloy Announcements page! 🎨

It's been a month of modest improvements to Alloy. No ground-breaking new features, just quiet optimisations and bug fixes to make your Alloy experience even better ✅. The update took place during the evening of the 31st October. For a full list of changes in v2.64, please visit the Alloy Changelog.

Cloud malware protection ⚠️

When uploading files to Alloy, they can now be scanned for malware.

Given Alloy's role in storing and processing lots of potentially sensitive data, we've always taken security very seriously. As a result, the attack surface of Alloy itself is fairly low, with no significant vulnerabilities detected during our annual third-party security tests. As a precaution, Alloy blocks the same file extensions as Microsoft Outlook by default, to prevent the storage of dangerous file types with well-known vulnerabilities.

However, it remains possible for a file containing malicious code to be uploaded and stored in Alloy. While it would effectively be dormant and unlikely to cause direct harm, bad actors could potentially utilise Alloy as a method of distribution for infected files (e.g. sent via workflow emails).

Therefore, files uploaded to Alloy can now be scanned using Amazon's GuardDuty Malware Protection. All files are quarantined by default until they pass the security checks. If malicious code is detected in a file, it remains inaccessible and can't be used for any purpose. Attempting to download it will display an error message, explaining why and recommending deletion.

If you wish to enable this extra layer of security on your customer project, please contact Support to opt in.

Most of this month's improvements are behind the scenes 🛠️. While there aren't any visible changes or new features to speak of, there have been significant improvements to Alloy's underlying engine.

In particular, Alloy's Task Executor has been worked on for over three weeks! The Task Executor monitors and juggles all the queued tasks (e.g. workflows, imports, bulk actions) to ensure they're performed efficiently, and that problematic tasks don't bring things to a standstill.

With more people using Alloy than ever before, the number and size of tasks has grown considerably, especially during peak times! 🥵

Therefore, the Task Executor has been upgraded to dynamically scale itself up and down in response to the current workload. Extra workers can be made available when things get busy. When things quieten down, workers can be shut down gracefully without interrupting any tasks in progress.

Bottom line: you should see increased reliability and performance in Alloy going forward!

The update took place during the evening of the 26th September. For a full list of changes in v2.63, please visit the Alloy Changelog.

This month, we’ve added a couple of handy new features and continued to focus on boosting the reliability of Alloy Mobile iOS 📱.

The update took place during the evening of the 29th August. For a full list of changes in v2.62, please visit the Alloy Changelog.

Use encrypted secrets in HTTP requests 🔐

When building a workflow, the Http Request action lets you send a web request to a specific URL. The method, URL, body and headers can be configured with static values or populated dynamically (based on the output of other actions in the workflow).

If a request requires authentication details or other sensitive data, this can now be stored securely within a Text attribute on an item of any design. To make the attribute secure, it must be configured with a custom tag named Secret. When the attribute is populated on an item, the value will now be saved as an encrypted text string. The original text won't be viewable to anyone!

To reference a secret in a Http Request action, enter a dollar sign $ plus the attribute’s code when configuring the relevant property. The item containing the desired value must also be added to the action’s Key Items.

In the example below, $attributes_credentialsPassword_66ceecb95527bff1c0a108c8 is included in the action’s Url and Http Headers properties. The decrypted value will be used in the request:

GET /test?pass=mypassword1234 HTTP/1.1
Host: alloytest.requestcatcher.com
Authorization: Bearer mypassword1234
Connection: Keep-Alive

Clone imports 🧬

To import data using Gateway, you need to create and configure an import item, validate its configuration, and then commit its data to Alloy.

If an import item’s Status is Validated or Processed, you now have the ability to clone it! When cloning an import, you can view the existing configuration and make changes to any step, or just create an exact duplicate.

This provides a handy way to redo a committed import (possibly with different data files), or experiment with alternative import configurations, without having to configure a new import from scratch.

To clone the current import item, select More in the action bar and choose Clone import.

Offline item forms in Alloy Mobile 📶

Item forms let you customise the order and appearance of attributes when users create or edit items of a particular design/interface.

In Alloy Mobile, item forms were previously loaded on demand. While this ensured they were up-to-date, they would unfortunately be skipped if your device happened to be offline at that precise moment.

Therefore, item forms are now downloaded when the app synchronises, and will be displayed regardless of your device’s connectivity.

To interact with Alloy’s API, you must include your personal API key in every request you send. Currently, there are three possible methods for doing this. However, two of these methods can potentially expose your API key to attackers.

Therefore, we’re announcing the deprecation of these insecure methods, which will be blocked entirely from January 2025.

Going forward, please use the bearer authentication scheme to communicate with Alloy.

Who will be affected?

All users and implementations that don’t use Bearer authentication to access the Alloy API.

Details

The following authentication methods are now deprecated. They continue to work for now, but will no longer be accepted in the near future:

• A token URL parameter:
  https://uk.alloyapp.io/api/session/me?token=<value>

• A token header:
  Token: <value>

From now on, the only supported method is to use the Authorization header with the bearer scheme (RFC 6750):
Authorization: Bearer <token>

Expected release

January 2025

This month brings an assortment of behind-the-scenes improvements and fixes. Whilst these won’t be directly noticeable, you should find that various Alloy features are operating more robustly than before.

In particular, we’ve been focusing our efforts on Alloy Mobile, resulting in wide range of issues being identified and fixed (some of which were released as v2.60.1 and v2.60.2).

We’re also continuing to lay the foundations for the exciting new changes coming later this year 😎.

The update took place during the evening of the 25th July. For a full list of changes in v2.61, please visit the Alloy Changelog.

The ApplicableTypes API endpoint (Swagger, ReDoc) can add and remove associations between specific activity designs and asset designs.

We’re updating this endpoint so that you can perform multiple “Applies to” operations in one go. This’ll make it possible to associate multiple work items with multiple jobs in a single API call!

However, the update will introduce a minor breaking change to prepare for.

Who will be affected?

Users and implementations that add or remove applicable types via the Alloy API.

Details

The following endpoints have a from parameter that currently accepts a single ApplicableFromWebModelBase model:

• Add applicable types – POST /api/applicable-type
• Remove applicable types – DELETE /api/applicable-type

After the release date, the from parameter will require an array of ApplicableFromWebModelBase models, even if you’re only supplying one.

Expected release

25th July 2024 as part of the Alloy v2.61 release.

This month’s update brings several quality-of-life improvements to make using Alloy easier. The update took place during the evening of the 27th June. For a full list of changes in v2.60, please visit the Alloy Changelog.

Improved Routing Editor 📍

We’ve made several behind-the-scenes improvements to the Routing Editor, which lets you plan routes between the tasks of a project and any added waypoints.

The Routing Editor now behaves more robustly when switching between the fastest route (quickest time to visit all waypoints in the current order) and the shortest route (reorder waypoints for shortest travel distance). The current route type is now indicated by a new attribute on the route’s General tab. The route’s Geometry tab is also updated accordingly.

System DoDIs are now hidden 🙈

Alloy includes many core designs and interfaces that underpin its system features. These get listed alongside all the other designs/interfaces in your customer project, in places such as the Search panel, Data Explorer and Permissions Manager.

To help simplify things a bit, we’ve gone through these system designs/interfaces and hidden the ones that no one realistically needs to access. This includes:

• All workflow action designs, e.g. Add Links, Message
• The Applicable To and Applicable Filter designs
• The Counters design
• Many designs/interfaces related to reports:
  • Reports
  • Report Types
  • Report Documents
  • File Report Documents
  • Custom Report
  • Item Level Report
  • Summary Level Report
  • The designs of all your custom reports

This should make it easier to find what you want going forward!

In the unlikely event that you need to view items of hidden designs/interfaces, you can still use the Search panel to search within them. Start typing its name and choose the design/interface when it appears. To view the resulting items in the Data Explorer, select the highlighted button.

Reconfigure validated imports 🗂️

Using Gateway, you can create and configure data imports. After an import’s configuration has been successfully validated, you can choose to Reconfigure it as needed.

While this was always possible, you originally had to redefine the configuration from scratch. Now, the existing configuration is loaded, making it far easier to tweak a property or attribute!

Multi-instance Message and Output actions 📧

When building a workflow, you can add various actions to its branches. The Message action can send an email/SMS and the Output action can fetch specific items for the workflow to act on.

Previously, both actions operated only in single instance mode. This means that the action is always performed one time only, regardless of the number of input items.

Now, both actions have a new Single Instance property, which is disabled by default. This means the action will be performed for each input item. If there are no input items, the action isn’t performed.

For example, imagine a Message action that receives three input items. If its Single Instance property is enabled, one message will be sent containing 3 items. If not, three messages will be sent containing one item each.

Things are starting to look a little different around here. This month’s update took place during the evening of the 30th May. For a full list of changes in v2.59, please visit the Alloy Changelog.

New logo ⚡

Alloy has rocked the same logo since its inception in 2017. The big, bold letters represented our desire to make an impact and disrupt the marketplace with a similarly big and bold product, making it possible to manage all asset classes in one place for the first time.

Seven years later, Alloy is now one of multiple products offered by Causeway Technologies, the UK’s largest software solution provider for the construction and infrastructure industries.

Following the recent announcement of the new CausewayOne platform, our products are being rebranded with a new visual identity that’s modern and consistent. The new logo represents Causeway’s ongoing mission to digitise and connect each stage of the construction process, enabling data to flow freely between them.

We hope you like the new look!

Responsive Geometry Editor and pickers ↔️

We’ve been gradually improving Alloy’s usability on devices with smaller screens.

The Geometry Editor now renders properly at low screen widths, with the Draw tools appearing at the top to avoid collisions with other buttons. The GeoJson panel is no longer shown by default, but can still be enabled via the bottom-right menu if needed.

Similarly, the colour, icon and calendar pickers have also been adapted to work on smaller screens. In particular, the arrow buttons on the side of the calendar picker have moved to the top blue bar, enabling you to cycle through the months and years.

Renamed Parents section on Mobile 👪

When viewing an item’s details in Alloy Mobile, the “Originates From” section has been renamed to “Parents” to match how it appears in Alloy Web.

Access policy changes ✅

While we don’t often mention API-only features in release notes, we know some of you have started implementing access policies to govern user access on a per-item basis.

Therefore, we thought you might like to know about a couple of recent changes!

First, we’ve added three new expression types, providing more ways to define an access rule. To learn about how they work, check out HasAccess, User condition and Boolean condition in this Alloy Help article.

Secondly, access policies are now supplemental to permissions, rather than functioning on their own. If a user doesn’t have the Read permission enabled for the item’s design, an access policy will no longer have an effect.

Put simply, permissions let you grant access to all items of a particular design. Access policies let you refine that access by making it conditional, based on whether an item’s values fulfil the defined condition(s).

We’re updating the behaviour of AQS Join queries to ensure that all join attributes are exported correctly in a particular scenario.

This will change the output of the Export API endpoint for some AQS Join queries. However, rest assured that none of your saved queries will be affected!

Who will be affected?

Anyone who uses:

• the Data Explorer’s export feature in Alloy Web
• the Export API endpoint

Details

The change will only affect AQS Join queries where all the following are true:

• the queried design contains a Link attribute to an interface
• the query includes a join attribute from the interface
• the query includes one or more join attributes from a child design/interface that implements the interface

Currently, in this scenario, the join attributes from the child design/interface are incorrectly included within the interface’s path group. As a result, these join attributes are omitted from the export files because their paths are invalid.

The change will correct this issue. Therefore, if you regularly export joined data, be aware that export files may start to contain attributes that were missing before.

Expected release

30th May 2024 as part of the Alloy v2.59 release.

If you use Alloy’s Reports feature, you’re going to love this month’s update! It took place during the evening of the 25th April. For a full list of changes in v2.58, please visit the Alloy Changelog.

Report Table Totals 🧮

This is a big new feature that many of you have been anticipating!

When editing flow documents in the Report Builder, we’ve added a new edit mode for Table controls. Among other things, this lets you add summary rows to the table that display calculated data values!

New Edit mode

To get started, select a Table control in the Document Layout Editor, and then select Edit in the toolbar.

The new edit mode makes it much easier to configure your table and includes some cool new features.

Easier header configuration

Previously, configuring a header was a somewhat laboured affair 😐. You had to select Headers in the toolbar, select the listed header, select a property field, and then supply either a Constant value or a Dynamic value from a data source.

Now, you simply select the header column and then select a property in the toolbar. No more Constant vs Dynamic, just choose an option or type something!

Reorder columns

Previously, you had to select Headers and drag them up and down a list. Now, you can simply drag columns by their header to reorder them.

Summary rows

Select + Add summary row to add one to the table. You add as many as you like and position them before or after the table’s data. Like the columns, you can reorder them by dragging.

Select a summary cell to configure it. Either input a Static text value or choose a Dynamic source, which can be any header in the table or another data source.

You then have the option of performing a calculation on the Dynamic source, e.g. Average, Count, Sum, Product, Standard Deviation. When the report is run, the calculated value will be displayed!

For more detail on the new edit mode for Table controls, check out Alloy Help.

Improved Title/Subtitle editor ⚡

When editing a design, you can select its Title or Subtitle property to show this editor. It lets you specify how items of the design are labelled. To include an attribute variable in either label, type { in its box and a list of suggested attributes appears.

Further down the list are parent Link attributes that either connect to the current design, or to an interface it implements. They may be located on a single parent design, or on an interface that's implemented by multiple parent designs.

The list now shows only valid parent attributes and clearly indicates which design(s) they’re located on. Additionally, the list no longer shows invalid child attributes, which were wrongly included before.

Longer passwords 🔑

Acting on the results of our yearly security tests, the minimum length for new passwords has increased from 8 to 12 characters. This only applies to passwords set from today (new accounts and password resets). Your existing passwords are unaffected.